8.2.5 Ensure unnecessary USB devices are disconnected


Ensure that no USB device is connected to a virtual machine unless required. For a USB device to be disconnected, the usb.present parameter should either not be present or have a value of FALSE.


Removing unnecessary hardware devices can reduce the number of potential attack channels and help prevent attacks.


To disconnect all USB devices from VMs, run the following PowerCLI command:

# Remove all USB Devices attached to VMs
Get-VM | Get-USBDevice | Remove-USBDevice

The VM will need to be powered off for this change to take effect.

See Also